Detections
Analytics

OracleVM 3.3 : glibc (OVMSA-2014-0033)

high Nessus Plugin ID 79548

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).

 - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460).

 - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460).

 - Fix memory order when reading libgcc handle (#905941).

 - Fix format specifier in malloc_info output (#1027261).

 - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846).

 - Add mmap usage to malloc_info output (#1027261).

 - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833).

 - [ppc] Add VDSO IFUNC for gettimeofday (#1028285).

 - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025).

 - Also relocate in dependency order when doing symbol dependency testing (#1019916).

 - Fix infinite loop in nscd when netgroup is empty (#1085273).

 - Provide correct buffer length to netgroup queries in nscd (#1074342).

 - Return NULL for wildcard values in getnetgrent from nscd (#1085289).

 - Avoid overlapping addresses to stpcpy calls in nscd (#1082379).

 - Initialize all of datahead structure in nscd (#1074353).

 - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628).

 - Do not fail if one of the two responses to AF_UNSPEC fails (#845218).

 - nscd: Make SELinux checks dynamic (#1025933).

 - Fix race in free of fastbin chunk (#1027101).

 - Fix copy relocations handling of unique objects (#1032628).

 - Fix encoding name for IDN in getaddrinfo (#981942).

 - Fix return code from getent netgroup when the netgroup is not found (#1039988).

 - Fix handling of static TLS in dlopen'ed objects (#995972).

 - Don't use alloca in addgetnetgrentX (#1043557).

 - Adjust pointers to triplets in netgroup query data (#1043557).

Solution

Update the affected glibc / glibc-common / nscd packages.

See Also

http://www.nessus.org/u?bed5f80b

Plugin Details

Severity: High

ID: 79548

File Name: oraclevm_OVMSA-2014-0033.nasl

Version: 1.9

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:glibc-common, p-cpe:/a:oracle:vm:nscd, p-cpe:/a:oracle:vm:glibc

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/4/2014

Vulnerability Publication Date: 10/9/2013

Reference Information

CVE: CVE-2013-4237, CVE-2013-4458, CVE-2014-0475, CVE-2014-5119

BID: 61729, 63299, 68505, 68983, 69738